Missing function level access control vulnerabilities occur when the application does not perform access control checks when executing sensitive operations. For example, if the application doesn't che...

Many web applications use URL redirection to direct a user to another site or page on the same site. Some web sites make it possible to manipulate the destination of the URL redirection. An attacker m...

A web application's output is rendered as a web page. If user input is included in the web application output, then it is also rendered as a part of the web page. If user input is included in output w...

Directory indexing vulnerabilities occur when a web application server is configured to return a listing of files in a web accessible directory in response to an HTTP request for that directory. Direc...

Application misconfiguration vulnerabilities occur when an application is not configured properly by the user. Examples include weak passwords, weak access control permissions, exposed configuration s...

Server misconfiguration vulnerabilities occur when the server that hosts the web application is not configured properly. Some types of server misconfiguration might not provide any dangerous capabil...

Fingerprinting is a broad term that describes searching for telltale signs that a specific application or system component is running on a given system. These telltale signs are called fingerprints. T...

Improper filesystem permissions vulnerabilities occur when the filesystem permissions are not sufficiently restricted, either as a result of the application not setting strict enough permissions or th...

Cookie security issues occur when all the measures available for protecting cookies are not fully implemented. Measures that can be used to protect cookies are listed in the Countermeasures section of...

Applications that use authentication need a method for storing credentials. Credentials might be stored for authenticating users to the application or for the application to authenticate to external s...

Insufficient authorization vulnerabilities occur when the application allows a user to perform an action without checking if the user has sufficient privileges to carry it out. This allows attackers t...

A parameter tampering vulnerability occurs when an attacker can modify parameters used by a web application that have security implications. For example, a vulnerable application might allow an attack...

Most web applications use cookies to keep track of session state. Some applications use other mechanisms to keep track of authenticated sessions. These custom authentication schemes are usually vulner...

Applications that use authentication need a method for storing passwords. One of the simplest ways to store passwords is to hard-code them into the application. This approach is not secure, because an...

Data leaks between sessions occur when unintentional access to one session's data is provided to another session. Data leaks between sessions usually occur when session-specific data is stored in memb...

Insufficient password recovery vulnerabilities occur when the application does not have an effective process to verify user identity when handling a "forgotten password" condition, and then either giv...

Brute forcing is a broad term that refers to repeatedly performing a very simple, automated attack, which has a small chance of being successful for each iteration. The more iterations are performed,...

Insufficient session expiration vulnerabilities occur when the application keeps user sessions active for an unreasonably long period of time. The correct amount of time to keep a user session active...

When a Cookie has the Secure flag set, that cookie will not be sent over a non-encrypted connection. If the Secure attribute is not set on a sensitive cookie, the cookie will be sent in plaintext and...

Scripting languages often have functions, such as eval(), that allow interpreting a string or a file as a part of the application. The danger of using these functions is that, under certain conditions...

Lightweight Directory Access Protocol (LDAP) is a widely used protocol for accessing directory services. Directories provide a set of attributes about people that are organized in a hierarchical manne...

XML external entity (XXE) injection vulnerabilities occur when the XML processor allows the attacker to control data loaded into the XML document as "external entities." Some XML processors support a...

Applications use connection strings to specify credentials used to access databases. If the application includes unvalidated user input in connection strings, an attacker might be able to change what...

SQL injection is a type of vulnerability in database access code that allows attackers to execute unauthorized queries on the database. SQL injection vulnerabilities are caused by concatenating data...

XPath injection is a type of vulnerability that allows attackers to execute arbitrary queries on XML databases. XPath injection vulnerabilities are similar to SQL injection vulnerabilities, but they a...

File upload vulnerabilities allow attackers to upload malicious code. (Technically, allowing users to upload anything that the application's design doesn't account for can be considered a file upload...

Remote file inclusion (RFI) occurs when the application executes a file located on an external server, which is usually controlled by the attacker. This enables the attacker to execute arbitrary code...

XSLT injection occurs when the application concatenates untrusted data into an XSL stylesheet. This allows the attacker to manipulate the document that is produced when the XSL stylesheet is rendered...

Server-side Include Injection (SSI) vulnerabilities occur when the application allows creation of files that contain Server-side Include directives. If an attacker is able to create files that contain...

Mail command injection vulnerabilities occur when an application implements its own email client code and concatenates user data with email commands. There should be no reason to implement email clien...

Applications often execute external commands as a part of their functionality. If the attacker is able to manipulate the choice of external commands or their parameters, the attacker will be able to a...

XML injection occurs when an attacker is able to supply data to the application that is interpreted as a part of an XML document in a manner that violates the intended use of XML by the application. X...

“Using components with known vulnerabilities” refers to an application that uses third-party code that contains known vulnerabilities. The result is that the vulnerabilities in the third-party code be...

Cookies are used by web applications to store data in the browser. Cookies might be marked as persistent and stored for an extended period of time. An attacker might gain access to the drive that stor...

An insufficiently protected credential weakness occurs when the application doesn't store or transmit the authentication credentials securely. If the passwords are not hashed and salted, an attacker m...

Applications that use cryptography need a method for managing keys. One of the simplest ways to store the keys is to hard-code them into the application. However, this approach is not secure, because...

A weak cryptographic hash vulnerability occurs when the application uses a hashing algorithm that is considered to be less resistant to attack than the currently recommended algorithms, and/or the cho...

Weak encryption vulnerabilities occur when weak encryption algorithms are used or encryption is not used properly. For encryption to work properly, strong and up-to-date cryptographic algorithms must...

TLS should be used to protect any sensitive data in transit. Some applications don't use TLS even during authentication or when transmitting sensitive data, and an attacker might be able to intercept...

Information leakage is a blanket term for vulnerabilities that disclose either something about the system or some of the application data to unauthorized users. Information leak vulnerabilities result...

A system information leak occurs when either the application or the application server discloses information about the web application platform that might be useful to the attacker. Some examples of i...

Information exposure through an error message occurs when an error message discloses sensitive information that might help an attacker. Typical examples include disclosing whether a username is valid...

A cross site request forgery (CSRF) attack occurs when an attacker tricks a victim into loading a page that contains a malicious request. This request might be able to change the state of the web appl...

Insecure direct object reference vulnerabilities occur when an application exposes the system names of system resources that it uses and allows an attacker to manipulate these names. If an attacker ca...